• I am part of a team, which provides cyber defenses that help companies protect data and monitor, detect, investigate, and respond to attacks
• will leverage Splunk's Phantom security platform to more quickly and consistently detect and respond to threats. The Phantom security platform automates repetitive tasks, cuts down on dwell times with automated investigations, and integrates existing security infrastructure to link up a cohesive defense strategy.

Responsibilities:

• Involved in setting up alerts for a different type of errors, Data Enrichment using the lookups and Data Interpretation using the Fields and Fields Extraction and performing the Data Normalization using the Tags. *Good Understanding of configuration files, precedence and daily work exposure to Props.conf, transforms.conf, inputs.conf, outputs.conf and Setting up a forwarder information based on requirement.
• Maintained Splunk Environment with multiple indexers managed and configured settings.
• Improved search performance by configuring to search heads for all Indexes in production.
• Analyzed security based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
• Worked for getting data in managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
• Splunk DB Connect 2.0 in search head cluster environments of Oracle. Installation and implementation of several kinds of visualizations to Splunk dashboards.
• Continuous monitored of the alerts received through emails to check if all the application servers and web servers are up.
• Knowledge on Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing.
• Ability to build custom applications and technical add-ons for efficiently on-barding data and meeting Splunk CIM compliance for Enterprise Security accelerated data models
• Conducted surveillance on various phishing emails and created alerts from future spam. Worked as part of Cyber Security Incident Response team to check on malware virus and threat emails.
• Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.
• Environment: Splunk.7.x, Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python

• I was part of Internet of Things (IoT) team, which is responsible for operational technology security using splunk.Our team was closely working with monitoring and diagnostics as well as predictive maintenance

Responsibilities:

• Installation and configuration of Splunk product at different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.
• Monitoring or analyzing the real-time events for the security devices like Firewall, IDS, Anti-Virus etc., using SIEM tools.
• Proficient in designing and deploying large scale applications by using almost all of the AWS stack (Including EC2, Route53, S3, RDS, Dynamo DB, SNS, SQS, IAM) focusing on high availability, fault tolerance, and Auto Scaling in AWS Cloud Formation
• Upgraded Splunk Enterprise from v 6.2 to v 6.5.1 in clustered environments and non-clustered environments.
• Analyzed security based events, risks and reporting instances. Correlating events from a Network, OS, Anti-Virus, IDS/ IPS, Firewalls or Proxies and analyzing them for possible threats.
• Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
• Experience with creating Physical and logical data models
• Developed Splunk Infrastructure on Cloud (Amazon AWS) in coordination with infrastructure Support Teams.
• Worked on Splunk ITSI scales to collect and index terabytes of real-time and historical events and metrics, that are both human and machine
• generated, across multi-datacenter and cloud-based infrastructures.
• Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
• Experience in building / deploying complex infrastructure & proven hands-on cloud migration solution design / delivery experience, advised software development teams on architecting and designing web interfaces and infrastructures that safely and efficiently power the cloud environment
• Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics
• Monitor security violations, flag potential violations and logging security incidents in Service Now.
• Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.
• Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.
• Involved in setting up alerts for a different type of errors, Data Enrichment using the lookups and Data Interpretation using the Fields and Fields Extraction and performing the Data Normalization using the Tags.
• Maintained Splunk Environment with multiple indexers managed and configured settings.
• Improved search performance by configuring to search heads for all Indexes in production.
• Analyzed security based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
• Work with SIEM tool QRadar by tuning security events, creating building block, search for reports and search security events.
• Worked for getting data in managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
• Used Machine learning to solve major logs, events and metric issues in ITSI application in Splunk environment.
• Splunk DB Connect 2.0 in search head cluster environments of Oracle. Installation and implementation of several kinds of visualizations to Splunk dashboards.
• Continuous monitored of the alerts received through emails to check if all the application servers and web servers are up.
• Worked in SIEM environment Implemented security systems to computer networks in compliance with company's security policies. Prepared documents to support customers and service engineers.
• Knowledge on Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing.
• Conducted surveillance on various phishing emails and created alerts from future spam. Worked as part of Cyber Security Incident Response team to check on malware virus and threat emails.
• Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.
• Used Machine learning to solve major logs, events and metric issues in ITSI application in Splunk environment.

Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python

I was part of a five member team, which was responsible for Mitigate the risk of cyberthreats and fraud by monitoring and correlating multiple systems and applying advanced analytics to detect potential security breach attempts and protect financial privacy.

Responsibilities:

• Created Dashboards, Visualizations, Statistical reports, scheduled searches, Alerts and also worked on creating different other knowledge objects.
• Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server)
• Worked on installing Universal and Heavy forwarder to bring any kind of data fields in to Splunk.
• Provide Regular support guidance to Splunk project teams on complex solution and issue resolution.
• Helping application teams in on-boarding Splunk and creating dashboards/alerts/reports etc.
• Maintained and managed assigned systems, Splunk related issues and administrators.
• Involved in admin activities and worked on inputs.conf, index.conf, props.conf and transform.conf to set up time zone and time stamp extractions, complex event transformations and whether any event breaking.
• Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
• Designing and maintaining production-quality Splunk dashboards.
• Create Dashboard, Reports and Alerts for events and configure alert mail.
• Worked on DB Connect configuration for Oracle and MySQL
• Developing Scheduling Alerts, Experience with Deployment Server & Advanced XML.
• Created Dashboards for various types of business users in organization and worked on creating different Splunk Knowledge objects like Macros, IFX, Calculated fields, Tags, Event Types and Look ups.
• Field Extraction, Using IFX, Rex Command and Reg Ex in configuration files.
• Scripting and development skills (Perl, Python) with strong knowledge of regular expressions.
• Use techniques to optimize searches for better performance, Search time field extractions. And understanding of configuration files, precedence and working.
• Various types of charts Alert Settings Knowledge of app creation, user and role access permissions. Creating and managing app, Create user, role, Permissions to knowledge objects.

Environment: Splunk 6.x, Splunk ES, Splunk DBConnect2.0, Splunk ITSI, Splunk ITOA, D3.js, Tomcat 7.x, JBoss 7.x, BIGIP Load Balancers, SAML, Wily Introscope 6.0, Configured plug-ins for Apache HTTP server 2.4, RedHat Linux 6.x, JDBC, JDK1.7, J2EE, JSP, Servlets, XML, Oracle 11g, GI.

• Maintain knowledge of emerging threats, vulnerabilities, and intelligence within the cyber security field to ensure subscribers are remediating against known threats
• Assist in implementation of splunk
• Created SOP for splunk security operation
• Troubleshoot configuration and splunk indexing issues
• Monitoring and analysis of alerts triggered on sensors to determine malicious activities and unwanted traffic and initiating and monitoring requests to address relevant vulnerabilities
• Deploy, troubleshoot, and maintain network-based vulnerability scanners at subscriber sites to ensure appropriate coverage of scanning services
• Generate capture as necessary of the network (s) security posture and provide to CND management for situational awareness.
• Maintained Splunk Environment with multiple indexers managed and configured settings.
• Improved search performance by configuring to search heads for all Indexes in production.
• Analyzed security based events, risks and reporting instances. Developed Splunk queries.